Write a Blog >>
ASE 2020
Mon 21 - Fri 25 September 2020 Melbourne, Australia
Thu 24 Sep 2020 16:20 - 16:40 at Koala - Software Security and Trust (3) Chair(s): Julia Lawall

Recent advances in web technology have made in-browser cryptomining a viable funding model. However, these services have been abused to launch large-scale cryptojacking attacks to secretly mine cryptocurrency in browsers. To detect them, various signature-based or runtime feature-based methods have been proposed. However, they can be imprecise or easily circumvented. To this end, we propose MinerRay, a generic scheme to detect malicious in-browser cryptominers. Instead of leveraging unreliable external patterns, MinerRay relies on the essence of cryptomining semantics that differentiates mining from common browsing activities. By abstracting away language or implementation details, MinerRay can handle modules written in different languages. Besides, MinerRay infers user contents to check if the mining is started secretly. MinerRay was evaluated on over 1 million websites. It detected cryptominers on 901 websites, where 885 secretly start mining without user consent. Besides, we compared MinerRay with five state-of-the-art signature-based or behavior-based cryptominer detectors (MineSweeper, CM-Tracker, Outguard, No Coin, and minerBlock). We observed that emerging miners with new signatures or new services were detected by MinerRay but missed by others. The result shows that our proposed technique is effective and robust in detecting evolving cryptominers, yielding more true positives, and fewer errors.

Thu 24 Sep

Displayed time zone: (UTC) Coordinated Universal Time change

16:00 - 17:00
Software Security and Trust (3)Research Papers at Koala
Chair(s): Julia Lawall Inria
16:00
20m
Talk
Prober: Practically Defending Overflows with Page Protection
Research Papers
Hongyu Liu Purdue University, Ruiqin Tian College of William and Mary, Bin Ren College of William and Mary, Tongping Liu University of Massachusetts Amherst
16:20
20m
Talk
MinerRay: Semantics-Aware Analysis for Ever-Evolving Cryptojacking Detection
Research Papers
Alan Romano University at Buffalo, SUNY, Yunhui Zheng IBM Research, Weihang Wang University at Buffalo, SUNY
16:40
20m
Talk
Summary-Based Symbolic Evaluation for Smart ContractsACM Distinguished Paper
Research Papers
Yu Feng University of California, Santa Barbara, Emina Torlak University of Washington, Rastislav Bodík University of Washington